Zero Trust Access Management

Appian based access management solution that incorporates all the core fundamentals to support Zero Trust Security Framework.

1. It should be highly decoupled to be reused across multiple applications that are federated or on one platform,
2. It should be very easy to use, understand and provide value to multiple stakeholder groups (architects, security officers, auditors etc.) to maximize adoption,
3. It should be scalable and flexible to support wide array of security requirements,
4. It should be adaptable to require minimum to no changes if application security requirements change,
5. It should be primarily built on Appian’s core capabilities with minimal integrations (yes, its counterintuitive for a hackthon entry, but we wanted it to be easily deployable at customer locations with minimal effort)
6. It needs to leverage intelligent technology to be continuously learning and improving on its own.

• We used Appian Records to create the required constructs such as Organizations, Applications, Roles and Teams.
• We translated the security mappings using database many-to-many tables for scalability.
• We created a plugin to automatically create Appian Application which ties directly to the Application Record.
• We used Appian RPA to scrape text from the site to update the systems current threat level.
• We used Appian task and emails for notifications, as well as Appian Push Notification features to alert users on any anomalies.
• We used Appian‚Äôs logs to track user‚Äôs login profile (browser, timestamp, IP etc)
• Finally, we did use AWS Sagemaker to train the algorithm to identify anomalies using Random Cut Forest algorithm.

• Creating a generic role-base access control architecture was harder than we initial thought. We wanted to make sure it is very scalable. The database design was challenging.
• Appian RPA was initially challenging, but once we got to know it, it became a lot simpler.
• Creating a data set to train Sagemaker was challenging, we ended up creating our own data set. Ideally, we would have gotten this data from a live user access management system.